CVE-2024-0550

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description A user who is already privileged as manager or admin can exploit this issue by setting their profile picture via the frontend API using a relative filepath. This allows them to use the PFP GET API to download any valid files. The attacker must have been granted privileged permissions to the system before executing this attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.